Questions tagged [shellcode]

In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.
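Several of the questions below describe the same failure: a working execve("/bin/sh") payload that "segfaults" as soon as it is pasted into a small C test program. The usual cause is that the bytes end up in a stack or `.data` buffer that is not executable (NX/DEP), or that the payload contains a 0x00 byte and was truncated by `strcpy()`. The following is an added example, not code from the page or from any of the questions on it; it shows a test harness that maps writable+executable memory explicitly and a NUL-byte check. It assumes a Linux host on x86-64 or AArch64 that permits RWX anonymous mappings; the function names are the example's own. The safe test payload simply returns 42; the execve sequence is included only for the NUL-byte check and is never executed by the harness.

```c
// Added example: a minimal harness for testing shellcode bytes, plus the
// NUL-byte check that matters when a payload travels through strcpy()/gets().
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

// Harmless "shellcode" that only returns 42, so the harness can be run safely.
// Assumption: the host is x86-64 or AArch64; other architectures get a stub.
#if defined(__x86_64__)
static const unsigned char ret42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   // mov eax, 42
                                       0xc3 };                          // ret
#define RET42_SUPPORTED 1
#elif defined(__aarch64__)
static const unsigned char ret42[] = { 0x40, 0x05, 0x80, 0x52,         // mov w0, #42
                                       0xc0, 0x03, 0x5f, 0xd6 };       // ret
#define RET42_SUPPORTED 1
#else
static const unsigned char ret42[] = { 0x00 };
#define RET42_SUPPORTED 0
#endif

// The well-known 27-byte x86-64 execve("/bin//sh", NULL, NULL) sequence.
// Listed only so the NUL-byte check has a realistic input; never executed here.
static const unsigned char execve_sh[] = {
    0x48, 0x31, 0xf6,                                   // xor  rsi, rsi
    0x56,                                               // push rsi      (NULL envp/argv end)
    0x48, 0xbf, 0x2f, 0x62, 0x69, 0x6e,
                0x2f, 0x2f, 0x73, 0x68,                 // mov  rdi, "/bin//sh"
    0x57,                                               // push rdi
    0x54,                                               // push rsp
    0x5f,                                               // pop  rdi      (rdi -> "/bin//sh")
    0x6a, 0x3b,                                         // push 0x3b     (SYS_execve)
    0x58,                                               // pop  rax
    0x99,                                               // cdq           (rdx = 0)
    0x0f, 0x05                                          // syscall
};

// Any 0x00 byte terminates the payload when it is copied as a C string.
size_t count_nul_bytes(const unsigned char *sc, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (sc[i] == 0x00) n++;
    return n;
}

// Copy the bytes into memory that is both writable and executable and call
// them as a function. Placing them in `char buf[]` instead and jumping there
// faults on any NX-enabled system, which is the common "segmentation fault".
// Returns the payload's return value, or -1 if the mapping could not be made.
int run_shellcode(const unsigned char *sc, size_t len) {
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, sc, len);
    // Instruction cache must be synced with the data writes on AArch64.
    __builtin___clear_cache((char *)mem, (char *)mem + len);
    int (*fn)(void) = (int (*)(void))mem;
    int result = fn();
    munmap(mem, len);
    return result;
}

// Runs the safe test payload; -2 on an architecture this example does not cover.
int demo_ret42(void) {
    if (!RET42_SUPPORTED) return -2;
    return run_shellcode(ret42, sizeof ret42);
}

int main(void) {
    printf("ret42 payload returned %d\n", demo_ret42());
    printf("NUL bytes in ret42:     %zu\n", count_nul_bytes(ret42, sizeof ret42));
    printf("NUL bytes in execve_sh: %zu\n", count_nul_bytes(execve_sh, sizeof execve_sh));
    return 0;
}
```

Build with `gcc -o harness harness.c` and run it; if `run_shellcode` returns -1, the system refuses writable-and-executable mappings (for example under SELinux `execmem` denial) and you will have to `mmap` as RW, copy, then `mprotect` to RX. Note that the x86-64 `mov eax, 42` encoding contains three NUL bytes, which is exactly why it would be truncated by `strcpy()`, whereas the execve sequence is NUL-free.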

I'm trying to understand exploits that hijack the execution flow. Before exploiting a buffer overflow vulnerability, I'm just trying to set an environment variable to my shellcode and jump to it. So, ...

I am designing an online programming website similar to https://repl.it. Users can execute shell and Python scripts in the browser.
If users execute malicious commands including but not limited to "...

When we test a shellcode, we add it to a small C program and execute it in order to see whether it does the actual job we expect. But
most of the time, it crashes saying 'segmentation fault'. I got the same ...

I'm new to buffer overflows and I'm trying to understand exactly what I'm doing before using any premade and easy to go scripts.
My goal is to spawn a shell, so I found the asm code to do an execve("/...

I found an html form with a single input field, where the inputted text is used as the argument (or rather just the last part) of a ping command on the server.
When submitting the form, the following ...

I'm writing a DNS-01 extension to the widely used Let's Encrypt acme.sh, that uses a locally running DNS server such as Bind, Unbound, Knot DNS, etc, rather than an API to an external service provider,...

I followed a guide to do narnia2 of overthewire and the shellcode generated by them was:
h\x01\x01\x01\x01\x814$ri\x01\x011\xd2Rj\x04Z\x01\xe2R\x89\xe2jhh///sh/binj\x0bX\x89\xe3\x89\xd1\x99\xcd\x80
...

I'm learning exploitation, and I downloaded some execve("/bin/sh") shellcode from exploit-db to use it in simple buffer overflow example.
When I execute the program I am getting segmentation fault.
I'...

Quick disclaimer: I fully understand that the code I am attempting to write is insecure, and allows for arbitrary users to escalate to root. I am writing a simple C program like this to demonstrate ...

I am going through this video on buffer overflows but am having some trouble replicating the demo. The issue is that I am getting a segmentation fault when I expect to get a shell at the end.
The idea ...

I am trying to learn how to create shellcode, my goal is to call execve(). I wrote the code in assembly and it works perfectly, there are no null-bytes or absolute addressing methods. The code works ...

I am doing an exercise on creating custom shellcode (windows). The goal is to create shellcode that will delete the firewall log file.
I successfully spawned a reverse shell with metasploit, using a ...

I know how to use most of the tools in Kali like msfvenom and msfconsole and I can safely call myself a script kiddie.
I learned the basics of C# and that helps me understand some of the things in C, ...

Somebody told me it is possible to insert shellcode into an image or pdf file and execute the shellcode if the image or pdf file was opened. I know that this could be possible if the application (for ...

How exactly do the exploit pieces connect when bypassing ASLR and DEP using ROP?
It seems like there could be a number of ways. E.g. a full ROP based payload or a ROP payload that modifies a memory ...

I study Information Security at university, and we were given a project at school to use some old patched vulnerability to get control over a PC. We have chosen the Chakra exploit CVE-2016-7200. We have it working ...

How is an egg placed in memory before the egg hunter code executes?
If a payload is too large for the exploit buffer but an egg hunter can find the payload, is the payload also sent in smaller chunks ...

It appears that a common exploit trick is to use stack overflow to overwrite the instruction pointer such that it points to a jmp esp instruction somewhere in the code segment which then executes the ...